From 79bc69a855fa71504d31c8df6315c337d7041d6a Mon Sep 17 00:00:00 2001 
From: Lee Hinman <57081003+leehinman@users.noreply.github.com> Date: Fri, 18 Sep 2020 15:11:12 -0500 Subject: [PATCH] sync with recent changes in zeek package (#21155) - always attempt community_id processor - dnp3 reorder pipeline to be same as package (cherry picked from commit 1932f9f0adbfbe4ee66ee27183429345a21cc2c5) --- CHANGELOG.next.asciidoc | 1 + .../module/zeek/connection/config/connection.yml | 2 -- .../filebeat/module/zeek/connection/manifest.yml | 2 -- .../module/zeek/dce_rpc/config/dce_rpc.yml | 2 -- x-pack/filebeat/module/zeek/dce_rpc/manifest.yml | 2 -- x-pack/filebeat/module/zeek/dhcp/config/dhcp.yml | 2 -- x-pack/filebeat/module/zeek/dhcp/manifest.yml | 2 -- x-pack/filebeat/module/zeek/dnp3/config/dnp3.yml | 2 -- .../module/zeek/dnp3/ingest/pipeline.yml | 16 ++++++++-------- x-pack/filebeat/module/zeek/dnp3/manifest.yml | 2 -- x-pack/filebeat/module/zeek/dns/config/dns.yml | 2 -- x-pack/filebeat/module/zeek/dns/manifest.yml | 2 -- x-pack/filebeat/module/zeek/dpd/config/dpd.yml | 2 -- x-pack/filebeat/module/zeek/dpd/manifest.yml | 2 -- x-pack/filebeat/module/zeek/ftp/config/ftp.yml | 2 -- x-pack/filebeat/module/zeek/ftp/manifest.yml | 2 -- x-pack/filebeat/module/zeek/http/config/http.yml | 2 -- x-pack/filebeat/module/zeek/http/manifest.yml | 2 -- .../filebeat/module/zeek/intel/config/intel.yml | 2 -- x-pack/filebeat/module/zeek/intel/manifest.yml | 2 -- x-pack/filebeat/module/zeek/irc/config/irc.yml | 2 -- x-pack/filebeat/module/zeek/irc/manifest.yml | 2 -- .../module/zeek/kerberos/config/kerberos.yml | 2 -- .../filebeat/module/zeek/kerberos/manifest.yml | 2 -- .../module/zeek/modbus/config/modbus.yml | 2 -- x-pack/filebeat/module/zeek/modbus/manifest.yml | 2 -- .../filebeat/module/zeek/mysql/config/mysql.yml | 2 -- x-pack/filebeat/module/zeek/mysql/manifest.yml | 2 -- .../module/zeek/notice/config/notice.yml | 2 -- x-pack/filebeat/module/zeek/notice/manifest.yml | 2 -- x-pack/filebeat/module/zeek/ntlm/config/ntlm.yml | 2 -- 
x-pack/filebeat/module/zeek/ntlm/manifest.yml | 2 -- .../module/zeek/radius/config/radius.yml | 2 -- x-pack/filebeat/module/zeek/radius/manifest.yml | 2 -- x-pack/filebeat/module/zeek/rdp/config/rdp.yml | 2 -- x-pack/filebeat/module/zeek/rdp/manifest.yml | 2 -- x-pack/filebeat/module/zeek/rfb/config/rfb.yml | 2 -- x-pack/filebeat/module/zeek/rfb/manifest.yml | 2 -- x-pack/filebeat/module/zeek/sip/config/sip.yml | 2 -- x-pack/filebeat/module/zeek/sip/manifest.yml | 2 -- .../module/zeek/smb_cmd/config/smb_cmd.yml | 2 -- x-pack/filebeat/module/zeek/smb_cmd/manifest.yml | 2 -- .../module/zeek/smb_files/config/smb_files.yml | 2 -- .../filebeat/module/zeek/smb_files/manifest.yml | 2 -- .../zeek/smb_mapping/config/smb_mapping.yml | 2 -- .../module/zeek/smb_mapping/manifest.yml | 2 -- x-pack/filebeat/module/zeek/smtp/config/smtp.yml | 2 -- x-pack/filebeat/module/zeek/smtp/manifest.yml | 2 -- x-pack/filebeat/module/zeek/snmp/config/snmp.yml | 2 -- x-pack/filebeat/module/zeek/snmp/manifest.yml | 2 -- .../filebeat/module/zeek/socks/config/socks.yml | 2 -- x-pack/filebeat/module/zeek/socks/manifest.yml | 2 -- x-pack/filebeat/module/zeek/ssh/config/ssh.yml | 2 -- x-pack/filebeat/module/zeek/ssh/manifest.yml | 2 -- x-pack/filebeat/module/zeek/ssl/config/ssl.yml | 2 -- x-pack/filebeat/module/zeek/ssl/manifest.yml | 2 -- .../module/zeek/syslog/config/syslog.yml | 2 -- x-pack/filebeat/module/zeek/syslog/manifest.yml | 2 -- x-pack/filebeat/module/zeek/x509/manifest.yml | 2 -- 59 files changed, 9 insertions(+), 122 deletions(-)
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 8ab50e22981..ca6f78283b9 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -657,6 +657,7 @@ field. You can revert this change by configuring tags for the module and omittin - Improve Suricata Eve module with `x509` ECS mappings {pull}20973[20973] - Added new module for Zoom webhooks {pull}20414[20414] - Add type and sub_type to panw panos fileset {pull}20912[20912] +- Always attempt community_id processor on zeek module {pull}21155[21155] *Heartbeat*
diff --git a/x-pack/filebeat/module/zeek/connection/config/connection.yml b/x-pack/filebeat/module/zeek/connection/config/connection.yml
index eb6515c6171..8a79295724f 100644
--- a/x-pack/filebeat/module/zeek/connection/config/connection.yml
+++ b/x-pack/filebeat/module/zeek/connection/config/connection.yml
@@ -90,7 +90,6 @@ processors: kind: event category: - network -{{ if .community_id }} - if: equals.network.transport: icmp then:
@@ -100,7 +99,6 @@ processors: icmp_code: zeek.connection.icmp.code else: community_id: -{{ end }} - add_fields: target: '' fields:
diff --git a/x-pack/filebeat/module/zeek/connection/manifest.yml b/x-pack/filebeat/module/zeek/connection/manifest.yml
index 0acad34d69c..08f79bc28ca 100644
--- a/x-pack/filebeat/module/zeek/connection/manifest.yml
+++ b/x-pack/filebeat/module/zeek/connection/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/conn.log - name: tags default: [zeek.connection] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/connection.yml
diff --git a/x-pack/filebeat/module/zeek/dce_rpc/config/dce_rpc.yml b/x-pack/filebeat/module/zeek/dce_rpc/config/dce_rpc.yml
index e99deb6c68f..45010e08973 100644
--- a/x-pack/filebeat/module/zeek/dce_rpc/config/dce_rpc.yml
+++ b/x-pack/filebeat/module/zeek/dce_rpc/config/dce_rpc.yml
@@ -54,9 +54,7 @@ processors: - connection - protocol - info -{{ if .community_id }} - community_id: -{{ end }} - add_fields: target: '' fields:
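Review bot: With the `{{ if .community_id }}` / `{{ end }}` guard removed around the `if`/`then`/`else` block in the connection.yml hunk, the community_id processor now runs for every event the fileset emits, including records that may carry no usable 5-tuple; whether the processor then passes such events through untouched or reports a per-event error is not visible in this patch, and it is worth confirming before release because the latter would turn the new default into a noisy regression. A short comment above the unconditional processor would record the assumption for the next maintainer, e.g. `# always attempted; expected to be a no-op when the flow tuple is absent`. The same guard removal is made in every other `config/*.yml` hunk of this patch (dce_rpc through syslog), so the comment would apply there too.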
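Review bot: Dropping the `- name: community_id` / `default: true` var from connection/manifest.yml removes the only operator-facing switch for this processor, so any deployment that set `var.community_id: false` to opt out silently loses that setting; whether Filebeat rejects or just ignores an unknown fileset var is not shown here. The CHANGELOG line added in this patch describes the new default but not the removed option, so a note such as `The community_id var is removed from all zeek filesets; the processor is now always enabled.` alongside it would flag the behaviour change for upgraders. The same var removal appears in every other manifest.yml hunk, including x509, for which the diffstat shows no matching config change.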
diff --git a/x-pack/filebeat/module/zeek/dce_rpc/manifest.yml b/x-pack/filebeat/module/zeek/dce_rpc/manifest.yml
index 21ba27eac96..01bef572b67 100644
--- a/x-pack/filebeat/module/zeek/dce_rpc/manifest.yml
+++ b/x-pack/filebeat/module/zeek/dce_rpc/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/dce_rpc.log - name: tags default: [zeek.dce_rpc] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/dce_rpc.yml
diff --git a/x-pack/filebeat/module/zeek/dhcp/config/dhcp.yml b/x-pack/filebeat/module/zeek/dhcp/config/dhcp.yml
index e0eb1831b77..f1a2f0ced3a 100644
--- a/x-pack/filebeat/module/zeek/dhcp/config/dhcp.yml
+++ b/x-pack/filebeat/module/zeek/dhcp/config/dhcp.yml
@@ -116,9 +116,7 @@ processors: - connection - protocol - info -{{ if .community_id }} - community_id: -{{ end }} - add_fields: target: '' fields:
diff --git a/x-pack/filebeat/module/zeek/dhcp/manifest.yml b/x-pack/filebeat/module/zeek/dhcp/manifest.yml
index 7cb434b1955..ee4a7c24f3b 100644
--- a/x-pack/filebeat/module/zeek/dhcp/manifest.yml
+++ b/x-pack/filebeat/module/zeek/dhcp/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/dhcp.log - name: tags default: [zeek.dhcp] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/dhcp.yml
diff --git a/x-pack/filebeat/module/zeek/dnp3/config/dnp3.yml b/x-pack/filebeat/module/zeek/dnp3/config/dnp3.yml
index 33890a55071..7730d2b6d85 100644
--- a/x-pack/filebeat/module/zeek/dnp3/config/dnp3.yml
+++ b/x-pack/filebeat/module/zeek/dnp3/config/dnp3.yml
@@ -64,9 +64,7 @@ processors: - connection - protocol - info -{{ if .community_id }} - community_id: -{{ end }} - add_fields: target: '' fields:
diff --git a/x-pack/filebeat/module/zeek/dnp3/ingest/pipeline.yml b/x-pack/filebeat/module/zeek/dnp3/ingest/pipeline.yml
index 5585d24327e..e104312e1e1 100644
--- a/x-pack/filebeat/module/zeek/dnp3/ingest/pipeline.yml
+++ b/x-pack/filebeat/module/zeek/dnp3/ingest/pipeline.yml
@@ -23,14 +23,6 @@ processors: - lowercase: field: event.action ignore_missing: true -- append: field: related.ip value: '{{source.ip}}' if: ctx?.source?.ip != null -- append: field: related.ip value: '{{destination.ip}}' if: ctx?.destination?.ip != null - geoip: field: destination.ip target_field: destination.geo
@@ -69,6 +61,14 @@ processors: field: destination.as.organization_name target_field: destination.as.organization.name ignore_missing: true +- append: + field: related.ip + value: '{{source.ip}}' + if: ctx?.source?.ip != null +- append: + field: related.ip + value: '{{destination.ip}}' + if: ctx?.destination?.ip != null on_failure: - set: field: error.message
diff --git a/x-pack/filebeat/module/zeek/dnp3/manifest.yml b/x-pack/filebeat/module/zeek/dnp3/manifest.yml
index 98de1c3af82..97829b3d0d0 100644
--- a/x-pack/filebeat/module/zeek/dnp3/manifest.yml
+++ b/x-pack/filebeat/module/zeek/dnp3/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/dnp3.log - name: tags default: [zeek.dnp3] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/dnp3.yml
diff --git a/x-pack/filebeat/module/zeek/dns/config/dns.yml b/x-pack/filebeat/module/zeek/dns/config/dns.yml
index 82d0306ea63..86a2022d695 100644
--- a/x-pack/filebeat/module/zeek/dns/config/dns.yml
+++ b/x-pack/filebeat/module/zeek/dns/config/dns.yml
@@ -193,9 +193,7 @@ processors: - connection - info - protocol -{{ if .community_id }} - community_id: -{{ end }} - drop_fields: ignore_missing: true fields:
diff --git a/x-pack/filebeat/module/zeek/dns/manifest.yml b/x-pack/filebeat/module/zeek/dns/manifest.yml
index 0c81ed95c2d..4ff46df94b9 100644
--- a/x-pack/filebeat/module/zeek/dns/manifest.yml
+++ b/x-pack/filebeat/module/zeek/dns/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/dns.log - name: tags default: [zeek.dns] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/dns.yml
diff --git a/x-pack/filebeat/module/zeek/dpd/config/dpd.yml b/x-pack/filebeat/module/zeek/dpd/config/dpd.yml
index 49e69972ef6..acc6defd4df 100644
--- a/x-pack/filebeat/module/zeek/dpd/config/dpd.yml
+++ b/x-pack/filebeat/module/zeek/dpd/config/dpd.yml
@@ -53,9 +53,7 @@ processors: type: - connection - info -{{ if .community_id }} - community_id: -{{ end }} - add_fields: target: '' fields:
diff --git a/x-pack/filebeat/module/zeek/dpd/manifest.yml b/x-pack/filebeat/module/zeek/dpd/manifest.yml
index aeba0ef31fc..854eadbf491 100644
--- a/x-pack/filebeat/module/zeek/dpd/manifest.yml
+++ b/x-pack/filebeat/module/zeek/dpd/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/dpd.log - name: tags default: [zeek.dpd] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/dpd.yml
diff --git a/x-pack/filebeat/module/zeek/ftp/config/ftp.yml b/x-pack/filebeat/module/zeek/ftp/config/ftp.yml
index 9be20cbd85b..51a3c053576 100644
--- a/x-pack/filebeat/module/zeek/ftp/config/ftp.yml
+++ b/x-pack/filebeat/module/zeek/ftp/config/ftp.yml
@@ -82,9 +82,7 @@ processors: - connection - info - protocol -{{ if .community_id }} - community_id: -{{ end }} - add_fields: target: '' fields:
diff --git a/x-pack/filebeat/module/zeek/ftp/manifest.yml b/x-pack/filebeat/module/zeek/ftp/manifest.yml
index cf51575cf84..1f37ead03d0 100644
--- a/x-pack/filebeat/module/zeek/ftp/manifest.yml
+++ b/x-pack/filebeat/module/zeek/ftp/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/ftp.log - name: tags default: [zeek.ftp] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/ftp.yml
diff --git a/x-pack/filebeat/module/zeek/http/config/http.yml b/x-pack/filebeat/module/zeek/http/config/http.yml
index 6f517c69320..4c7c812d0cc 100644
--- a/x-pack/filebeat/module/zeek/http/config/http.yml
+++ b/x-pack/filebeat/module/zeek/http/config/http.yml
@@ -89,9 +89,7 @@ processors: - connection - info - protocol -{{ if .community_id }} - community_id: -{{ end }} - add_fields: target: '' fields:
diff --git a/x-pack/filebeat/module/zeek/http/manifest.yml b/x-pack/filebeat/module/zeek/http/manifest.yml
index ddd253bb218..acf134c2333 100644
--- a/x-pack/filebeat/module/zeek/http/manifest.yml
+++ b/x-pack/filebeat/module/zeek/http/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/http.log - name: tags default: [zeek.http] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/http.yml
diff --git a/x-pack/filebeat/module/zeek/intel/config/intel.yml b/x-pack/filebeat/module/zeek/intel/config/intel.yml
index 4d35472f3ea..5b73833ea35 100644
--- a/x-pack/filebeat/module/zeek/intel/config/intel.yml
+++ b/x-pack/filebeat/module/zeek/intel/config/intel.yml
@@ -63,9 +63,7 @@ processors: kind: alert type: - info -{{ if .community_id }} - community_id: -{{ end }} - add_fields: target: '' fields:
diff --git a/x-pack/filebeat/module/zeek/intel/manifest.yml b/x-pack/filebeat/module/zeek/intel/manifest.yml
index 281f6ed65fe..a84788f4d75 100644
--- a/x-pack/filebeat/module/zeek/intel/manifest.yml
+++ b/x-pack/filebeat/module/zeek/intel/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/intel.log - name: tags default: [zeek.intel] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/intel.yml
diff --git a/x-pack/filebeat/module/zeek/irc/config/irc.yml b/x-pack/filebeat/module/zeek/irc/config/irc.yml
index 5125e82fac2..54aaa9d4f4b 100644
--- a/x-pack/filebeat/module/zeek/irc/config/irc.yml
+++ b/x-pack/filebeat/module/zeek/irc/config/irc.yml
@@ -68,9 +68,7 @@ processors: - connection - protocol - info -{{ if .community_id }} - community_id: -{{ end }} - add_fields: target: '' fields:
diff --git a/x-pack/filebeat/module/zeek/irc/manifest.yml b/x-pack/filebeat/module/zeek/irc/manifest.yml
index 3bf899fd2c0..36cf10a5bb3 100644
--- a/x-pack/filebeat/module/zeek/irc/manifest.yml
+++ b/x-pack/filebeat/module/zeek/irc/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/irc.log - name: tags default: [zeek.irc] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/irc.yml
diff --git a/x-pack/filebeat/module/zeek/kerberos/config/kerberos.yml b/x-pack/filebeat/module/zeek/kerberos/config/kerberos.yml
index dbb0c364ea8..f557da8ba7f 100644
--- a/x-pack/filebeat/module/zeek/kerberos/config/kerberos.yml
+++ b/x-pack/filebeat/module/zeek/kerberos/config/kerberos.yml
@@ -100,9 +100,7 @@ processors: tokenizer: "%{user.name}/%{user.domain}" field: zeek.kerberos.client target_prefix: "" -{{ if .community_id }} - community_id: -{{ end }} - add_fields: target: '' fields:
diff --git a/x-pack/filebeat/module/zeek/kerberos/manifest.yml b/x-pack/filebeat/module/zeek/kerberos/manifest.yml
index 4a94434f1d4..3f527b15013 100644
--- a/x-pack/filebeat/module/zeek/kerberos/manifest.yml
+++ b/x-pack/filebeat/module/zeek/kerberos/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/kerberos.log - name: tags default: [zeek.kerberos] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/kerberos.yml
diff --git a/x-pack/filebeat/module/zeek/modbus/config/modbus.yml b/x-pack/filebeat/module/zeek/modbus/config/modbus.yml
index c6a6c3bf9e1..d656ad0ab6a 100644
--- a/x-pack/filebeat/module/zeek/modbus/config/modbus.yml
+++ b/x-pack/filebeat/module/zeek/modbus/config/modbus.yml
@@ -69,9 +69,7 @@ processors: target: event fields: outcome: success -{{ if .community_id }} - community_id: -{{ end }} - add_fields: target: '' fields:
diff --git a/x-pack/filebeat/module/zeek/modbus/manifest.yml b/x-pack/filebeat/module/zeek/modbus/manifest.yml
index e20412fadc6..c4afd6315d4 100644
--- a/x-pack/filebeat/module/zeek/modbus/manifest.yml
+++ b/x-pack/filebeat/module/zeek/modbus/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/modbus.log - name: tags default: [zeek.modbus] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/modbus.yml
diff --git a/x-pack/filebeat/module/zeek/mysql/config/mysql.yml b/x-pack/filebeat/module/zeek/mysql/config/mysql.yml
index b3fd2c5484f..4c6e70d9f1c 100644
--- a/x-pack/filebeat/module/zeek/mysql/config/mysql.yml
+++ b/x-pack/filebeat/module/zeek/mysql/config/mysql.yml
@@ -68,9 +68,7 @@ processors: target: event fields: outcome: failure -{{ if .community_id }} - community_id: -{{ end }} - add_fields: target: '' fields:
diff --git a/x-pack/filebeat/module/zeek/mysql/manifest.yml b/x-pack/filebeat/module/zeek/mysql/manifest.yml
index 1b7ec4edb19..bba253a418e 100644
--- a/x-pack/filebeat/module/zeek/mysql/manifest.yml
+++ b/x-pack/filebeat/module/zeek/mysql/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/mysql.log - name: tags default: [zeek.mysql] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/mysql.yml
diff --git a/x-pack/filebeat/module/zeek/notice/config/notice.yml b/x-pack/filebeat/module/zeek/notice/config/notice.yml
index fa1cc38b31b..649d3f3ba97 100644
--- a/x-pack/filebeat/module/zeek/notice/config/notice.yml
+++ b/x-pack/filebeat/module/zeek/notice/config/notice.yml
@@ -100,9 +100,7 @@ processors: - intrusion_detection type: - info -{{ if .community_id }} - community_id: -{{ end }} - add_fields: target: '' fields:
diff --git a/x-pack/filebeat/module/zeek/notice/manifest.yml b/x-pack/filebeat/module/zeek/notice/manifest.yml
index e2bdf695027..e14f7222065 100644
--- a/x-pack/filebeat/module/zeek/notice/manifest.yml
+++ b/x-pack/filebeat/module/zeek/notice/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/notice.log - name: tags default: [zeek.notice] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/notice.yml
diff --git a/x-pack/filebeat/module/zeek/ntlm/config/ntlm.yml b/x-pack/filebeat/module/zeek/ntlm/config/ntlm.yml
index dcf1cb46f6f..c67f66b54b9 100644
--- a/x-pack/filebeat/module/zeek/ntlm/config/ntlm.yml
+++ b/x-pack/filebeat/module/zeek/ntlm/config/ntlm.yml
@@ -82,9 +82,7 @@ processors: target: event fields: outcome: failure -{{ if .community_id }} - community_id: -{{ end }} - add_fields: target: '' fields:
diff --git a/x-pack/filebeat/module/zeek/ntlm/manifest.yml b/x-pack/filebeat/module/zeek/ntlm/manifest.yml
index 545bef85aaa..e16e6ec8b3a 100644
--- a/x-pack/filebeat/module/zeek/ntlm/manifest.yml
+++ b/x-pack/filebeat/module/zeek/ntlm/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/ntlm.log - name: tags default: [zeek.ntlm] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/ntlm.yml
diff --git a/x-pack/filebeat/module/zeek/radius/config/radius.yml b/x-pack/filebeat/module/zeek/radius/config/radius.yml
index d133dbc014c..66fccaa3f5c 100644
--- a/x-pack/filebeat/module/zeek/radius/config/radius.yml
+++ b/x-pack/filebeat/module/zeek/radius/config/radius.yml
@@ -54,9 +54,7 @@ processors: type: - info - connection -{{ if .community_id }} - community_id: -{{ end }} - add_fields: target: '' fields:
diff --git a/x-pack/filebeat/module/zeek/radius/manifest.yml b/x-pack/filebeat/module/zeek/radius/manifest.yml
index f881f404d7a..d3bdee065b0 100644
--- a/x-pack/filebeat/module/zeek/radius/manifest.yml
+++ b/x-pack/filebeat/module/zeek/radius/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/radius.log - name: tags default: [zeek.radius] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/radius.yml
diff --git a/x-pack/filebeat/module/zeek/rdp/config/rdp.yml b/x-pack/filebeat/module/zeek/rdp/config/rdp.yml
index 1ea1c28520c..de71448fb1b 100644
--- a/x-pack/filebeat/module/zeek/rdp/config/rdp.yml
+++ b/x-pack/filebeat/module/zeek/rdp/config/rdp.yml
@@ -84,9 +84,7 @@ processors: type: - protocol - info -{{ if .community_id }} - community_id: -{{ end }} - add_fields: target: '' fields:
diff --git a/x-pack/filebeat/module/zeek/rdp/manifest.yml b/x-pack/filebeat/module/zeek/rdp/manifest.yml
index b0c76c9f3a3..0a2bc7b77ec 100644
--- a/x-pack/filebeat/module/zeek/rdp/manifest.yml
+++ b/x-pack/filebeat/module/zeek/rdp/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/rdp.log - name: tags default: [zeek.rdp] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/rdp.yml
diff --git a/x-pack/filebeat/module/zeek/rfb/config/rfb.yml b/x-pack/filebeat/module/zeek/rfb/config/rfb.yml
index d0eade39d0e..3adb14c55bf 100644
--- a/x-pack/filebeat/module/zeek/rfb/config/rfb.yml
+++ b/x-pack/filebeat/module/zeek/rfb/config/rfb.yml
@@ -69,9 +69,7 @@ processors: type: - connection - info -{{ if .community_id }} - community_id: -{{ end }} - add_fields: target: '' fields:
diff --git a/x-pack/filebeat/module/zeek/rfb/manifest.yml b/x-pack/filebeat/module/zeek/rfb/manifest.yml
index 2b9daaab107..4bba4f4f37c 100644
--- a/x-pack/filebeat/module/zeek/rfb/manifest.yml
+++ b/x-pack/filebeat/module/zeek/rfb/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/rfb.log - name: tags default: [zeek.rfb] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/rfb.yml
diff --git a/x-pack/filebeat/module/zeek/sip/config/sip.yml b/x-pack/filebeat/module/zeek/sip/config/sip.yml
index 7355ba353c7..7aa30034de2 100644
--- a/x-pack/filebeat/module/zeek/sip/config/sip.yml
+++ b/x-pack/filebeat/module/zeek/sip/config/sip.yml
@@ -91,9 +91,7 @@ processors: type: - connection - protocol -{{ if .community_id }} - community_id: -{{ end }} - add_fields: target: '' fields:
diff --git a/x-pack/filebeat/module/zeek/sip/manifest.yml b/x-pack/filebeat/module/zeek/sip/manifest.yml
index 8da0cc443dd..2186e6b0f3f 100644
--- a/x-pack/filebeat/module/zeek/sip/manifest.yml
+++ b/x-pack/filebeat/module/zeek/sip/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/sip.log - name: tags default: [zeek.sip] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/sip.yml
diff --git a/x-pack/filebeat/module/zeek/smb_cmd/config/smb_cmd.yml b/x-pack/filebeat/module/zeek/smb_cmd/config/smb_cmd.yml
index 693c439454a..763379a7d88 100644
--- a/x-pack/filebeat/module/zeek/smb_cmd/config/smb_cmd.yml
+++ b/x-pack/filebeat/module/zeek/smb_cmd/config/smb_cmd.yml
@@ -97,9 +97,7 @@ processors: type: - connection - protocol -{{ if .community_id }} - community_id: -{{ end }} - add_fields: target: '' fields:
diff --git a/x-pack/filebeat/module/zeek/smb_cmd/manifest.yml b/x-pack/filebeat/module/zeek/smb_cmd/manifest.yml
index a4ad3a78ce1..331cafae30f 100644
--- a/x-pack/filebeat/module/zeek/smb_cmd/manifest.yml
+++ b/x-pack/filebeat/module/zeek/smb_cmd/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/smb_cmd.log - name: tags default: [zeek.smb_cmd] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/smb_cmd.yml
diff --git a/x-pack/filebeat/module/zeek/smb_files/config/smb_files.yml b/x-pack/filebeat/module/zeek/smb_files/config/smb_files.yml
index 16fb3d36964..c5f7c2e53e7 100644
--- a/x-pack/filebeat/module/zeek/smb_files/config/smb_files.yml
+++ b/x-pack/filebeat/module/zeek/smb_files/config/smb_files.yml
@@ -57,9 +57,7 @@ processors: type: - connection - protocol -{{ if .community_id }} - community_id: -{{ end }} - add_fields: target: '' fields:
diff --git a/x-pack/filebeat/module/zeek/smb_files/manifest.yml b/x-pack/filebeat/module/zeek/smb_files/manifest.yml
index f59a04153a5..bdbf0324fd9 100644
--- a/x-pack/filebeat/module/zeek/smb_files/manifest.yml
+++ b/x-pack/filebeat/module/zeek/smb_files/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/smb_files.log - name: tags default: [zeek.smb_files] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/smb_files.yml
diff --git a/x-pack/filebeat/module/zeek/smb_mapping/config/smb_mapping.yml b/x-pack/filebeat/module/zeek/smb_mapping/config/smb_mapping.yml
index 168458ba1d0..624454ed171 100644
--- a/x-pack/filebeat/module/zeek/smb_mapping/config/smb_mapping.yml
+++ b/x-pack/filebeat/module/zeek/smb_mapping/config/smb_mapping.yml
@@ -53,9 +53,7 @@ processors: type: - connection - protocol -{{ if .community_id }} - community_id: -{{ end }} - add_fields: target: '' fields:
diff --git a/x-pack/filebeat/module/zeek/smb_mapping/manifest.yml b/x-pack/filebeat/module/zeek/smb_mapping/manifest.yml
index 7382e529b27..f4afd881b54 100644
--- a/x-pack/filebeat/module/zeek/smb_mapping/manifest.yml
+++ b/x-pack/filebeat/module/zeek/smb_mapping/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/smb_mapping.log - name: tags default: [zeek.smb_mapping] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/smb_mapping.yml
diff --git a/x-pack/filebeat/module/zeek/smtp/config/smtp.yml b/x-pack/filebeat/module/zeek/smtp/config/smtp.yml
index acc02bf91df..5b2f6595df2 100644
--- a/x-pack/filebeat/module/zeek/smtp/config/smtp.yml
+++ b/x-pack/filebeat/module/zeek/smtp/config/smtp.yml
@@ -63,9 +63,7 @@ processors: type: - connection - protocol -{{ if .community_id }} - community_id: -{{ end }} - add_fields: target: '' fields:
diff --git a/x-pack/filebeat/module/zeek/smtp/manifest.yml b/x-pack/filebeat/module/zeek/smtp/manifest.yml
index 6d69b3b5e3e..bc0d180278b 100644
--- a/x-pack/filebeat/module/zeek/smtp/manifest.yml
+++ b/x-pack/filebeat/module/zeek/smtp/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/smtp.log - name: tags default: [zeek.smtp] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/smtp.yml
diff --git a/x-pack/filebeat/module/zeek/snmp/config/snmp.yml b/x-pack/filebeat/module/zeek/snmp/config/snmp.yml
index 684ecd01d06..0c7e05ce6db 100644
--- a/x-pack/filebeat/module/zeek/snmp/config/snmp.yml
+++ b/x-pack/filebeat/module/zeek/snmp/config/snmp.yml
@@ -65,9 +65,7 @@ processors: type: - connection - protocol -{{ if .community_id }} - community_id: -{{ end }} - add_fields: target: '' fields:
diff --git a/x-pack/filebeat/module/zeek/snmp/manifest.yml b/x-pack/filebeat/module/zeek/snmp/manifest.yml
index b980b6fb82e..e25fb364b1e 100644
--- a/x-pack/filebeat/module/zeek/snmp/manifest.yml
+++ b/x-pack/filebeat/module/zeek/snmp/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/snmp.log - name: tags default: [zeek.snmp] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/snmp.yml
diff --git a/x-pack/filebeat/module/zeek/socks/config/socks.yml b/x-pack/filebeat/module/zeek/socks/config/socks.yml
index 9ce64d99076..f834e5d1bcc 100644
--- a/x-pack/filebeat/module/zeek/socks/config/socks.yml
+++ b/x-pack/filebeat/module/zeek/socks/config/socks.yml
@@ -63,9 +63,7 @@ processors: type: - connection - protocol -{{ if .community_id }} - community_id: -{{ end }} - add_fields: target: '' fields:
diff --git a/x-pack/filebeat/module/zeek/socks/manifest.yml b/x-pack/filebeat/module/zeek/socks/manifest.yml
index 68fea837fde..55c4a387524 100644
--- a/x-pack/filebeat/module/zeek/socks/manifest.yml
+++ b/x-pack/filebeat/module/zeek/socks/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/socks.log - name: tags default: [zeek.socks] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/socks.yml
diff --git a/x-pack/filebeat/module/zeek/ssh/config/ssh.yml b/x-pack/filebeat/module/zeek/ssh/config/ssh.yml
index 453c6b0fae5..c855d49dff2 100644
--- a/x-pack/filebeat/module/zeek/ssh/config/ssh.yml
+++ b/x-pack/filebeat/module/zeek/ssh/config/ssh.yml
@@ -72,9 +72,7 @@ processors: type: - connection - protocol -{{ if .community_id }} - community_id: -{{ end }} - add_fields: target: '' fields:
diff --git a/x-pack/filebeat/module/zeek/ssh/manifest.yml b/x-pack/filebeat/module/zeek/ssh/manifest.yml
index 60249e25c21..9d2f39212b5 100644
--- a/x-pack/filebeat/module/zeek/ssh/manifest.yml
+++ b/x-pack/filebeat/module/zeek/ssh/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/ssh.log - name: tags default: [zeek.ssh] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/ssh.yml
diff --git a/x-pack/filebeat/module/zeek/ssl/config/ssl.yml b/x-pack/filebeat/module/zeek/ssl/config/ssl.yml
index 897db4b9fff..c3ecbd94be9 100644
--- a/x-pack/filebeat/module/zeek/ssl/config/ssl.yml
+++ b/x-pack/filebeat/module/zeek/ssl/config/ssl.yml
@@ -75,9 +75,7 @@ processors: type: - connection - protocol -{{ if .community_id }} - community_id: -{{ end }} - add_fields: target: '' fields:
diff --git a/x-pack/filebeat/module/zeek/ssl/manifest.yml b/x-pack/filebeat/module/zeek/ssl/manifest.yml
index 0b3da1331ff..49e474dfadc 100644
--- a/x-pack/filebeat/module/zeek/ssl/manifest.yml
+++ b/x-pack/filebeat/module/zeek/ssl/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/ssl.log - name: tags default: [zeek.ssl] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/ssl.yml
diff --git a/x-pack/filebeat/module/zeek/syslog/config/syslog.yml b/x-pack/filebeat/module/zeek/syslog/config/syslog.yml
index 16c6ebb6187..a89601cb717 100644
--- a/x-pack/filebeat/module/zeek/syslog/config/syslog.yml
+++ b/x-pack/filebeat/module/zeek/syslog/config/syslog.yml
@@ -53,9 +53,7 @@ processors: target: event fields: kind: event -{{ if .community_id }} - community_id: -{{ end }} - add_fields: target: '' fields:
diff --git a/x-pack/filebeat/module/zeek/syslog/manifest.yml b/x-pack/filebeat/module/zeek/syslog/manifest.yml
index 8db76ab5b36..03a80586303 100644
--- a/x-pack/filebeat/module/zeek/syslog/manifest.yml
+++ b/x-pack/filebeat/module/zeek/syslog/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/syslog.log - name: tags default: [zeek.syslog] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/syslog.yml
diff --git a/x-pack/filebeat/module/zeek/x509/manifest.yml b/x-pack/filebeat/module/zeek/x509/manifest.yml
index 674610886fc..a183f7dbc3d 100644
--- a/x-pack/filebeat/module/zeek/x509/manifest.yml
+++ b/x-pack/filebeat/module/zeek/x509/manifest.yml
@@ -10,8 +10,6 @@ var: - /usr/local/var/logs/current/x509.log - name: tags default: [zeek.x509] - - name: community_id - default: true ingest_pipeline: ingest/pipeline.yml input: config/x509.yml